
@superkojiman
Last active May 5, 2017 13:21
Vulnerable binaries and source code for 64-bit Linux Stack Smashing tutorials.
/* Compile: gcc -fno-stack-protector -z execstack classic.c -o classic */
/* Disable ASLR: echo 0 > /proc/sys/kernel/randomize_va_space  (system-wide, needs root; restore with echo 2 when done) */
#include <stdio.h>
#include <unistd.h>
/*
 * Lab target with a deliberately overflowable stack buffer; not a pattern to
 * reuse. Reads up to 400 bytes from stdin (fd 0) into an 80-byte stack
 * buffer, prints the byte count and the buffer as a string, and returns 0
 * unconditionally.
 */
int vuln() {
char buf[80];
int r;
/* Defect (intentional): the count 400 exceeds sizeof buf (80), so read() can
 * write up to 320 bytes past the end of buf into adjacent stack memory. The
 * compile line for this file passes -fno-stack-protector, so no canary
 * detects the overwrite. A bounded version would pass sizeof buf - 1 and
 * NUL-terminate at buf[r] after checking r. */
r = read(0, buf, 400);
/* read() does not NUL-terminate and r is never checked (it is -1 on error),
 * so %s may read past the bytes that were actually received. */
printf("\nRead %d bytes. buf is %s\n", r, buf);
puts("No shell for you :(");
return 0;
}
/*
 * Entry point for the classic.c lab target: prints a banner and hands
 * control to vuln(). argc and argv are unused. Always returns 0.
 */
int main(int argc, char *argv[]) {
/* The banner has no trailing newline and stdout is not flushed here, so it
 * may appear only once a later output call flushes the stream. */
printf("Try to exec /bin/sh");
vuln();
return 0;
}
/* Compile: gcc -fno-stack-protector leak.c -o leak */
/* Enable ASLR: echo 2 > /proc/sys/kernel/randomize_va_space */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/*
 * Lab scaffolding: never called anywhere in this listing. Its only visible
 * effect is to embed the instruction sequence below in the compiled binary.
 * NOTE(review): presumably placed here for the accompanying tutorial;
 * confirm against the write-up.
 */
void helper() {
/* Basic asm with no operands or clobber list. It pops three stack words into
 * rdi, rsi and rdx and then returns, so an ordinary call to helper() would
 * consume stack slots it does not own. This must not appear in production
 * code. */
asm("pop %rdi; pop %rsi; pop %rdx; ret");
}
/*
 * Lab target with a deliberately overflowable stack buffer; not a pattern to
 * reuse. Zeroes a 150-byte stack buffer, prompts, reads up to 400 bytes from
 * stdin (fd 0) into it, and echoes the received bytes to stdout (fd 1).
 * Returns 0 unconditionally.
 */
int vuln() {
char buf[150];
ssize_t b;
memset(buf, 0, 150);
printf("Enter input: ");
/* Defect (intentional): the count 400 exceeds sizeof buf (150), so read()
 * can write up to 250 bytes past the end of buf into adjacent stack memory.
 * The compile line for this file passes -fno-stack-protector, so no canary
 * detects the overwrite. A bounded version would pass sizeof buf. */
b = read(0, buf, 400);
printf("Recv: ");
/* b is used unchecked: on a read() error it is -1, which converts to a very
 * large size_t count here. When b exceeds 150 the echo also covers the bytes
 * that landed beyond buf. */
write(1, buf, b);
return 0;
}
/*
 * Entry point for the leak.c lab target: makes stdout unbuffered and hands
 * control to vuln(). argc and argv are unused. Always returns 0.
 */
int main(int argc, char *argv[]){
/* A null buffer argument turns off stdout buffering, so the printf() prompts
 * in vuln() are emitted immediately even when stdout is a pipe. */
setbuf(stdout, 0);
vuln();
return 0;
}
/* Compile: gcc -fno-stack-protector ret2libc.c -o ret2libc */
/* Disable ASLR: echo 0 > /proc/sys/kernel/randomize_va_space  (system-wide, needs root; restore with echo 2 when done) */
#include <stdio.h>
#include <unistd.h>
/*
 * Lab target with a deliberately overflowable stack buffer; not a pattern to
 * reuse. Reads up to 400 bytes from stdin (fd 0) into an 80-byte stack
 * buffer, prints the byte count and the buffer as a string, and returns 0
 * unconditionally. The compile line for this file omits -z execstack but
 * still passes -fno-stack-protector.
 */
int vuln() {
char buf[80];
int r;
/* Defect (intentional): the count 400 exceeds sizeof buf (80), so read() can
 * write up to 320 bytes past the end of buf into adjacent stack memory, and
 * with the stack protector disabled nothing detects the overwrite before the
 * function returns. A bounded version would pass sizeof buf - 1 and
 * NUL-terminate at buf[r] after checking r. */
r = read(0, buf, 400);
/* read() does not NUL-terminate and r is never checked (it is -1 on error),
 * so %s may read past the bytes that were actually received. */
printf("\nRead %d bytes. buf is %s\n", r, buf);
puts("No shell for you :(");
return 0;
}
/*
 * Entry point for the ret2libc.c lab target: prints a banner and hands
 * control to vuln(). argc and argv are unused. Always returns 0.
 */
int main(int argc, char *argv[]) {
/* The banner has no trailing newline and stdout is not flushed here, so it
 * may appear only once a later output call flushes the stream. */
printf("Try to exec /bin/sh");
vuln();
return 0;
}